Privacy Policy

Name and address of the controller

PASSAVIA Druckservice GmbH & Co. KG
Medienstr. 5b I 
94036 Passau
Germany
Phone: +49 851 966 180-0
E-Mail: info@passavia.de
Website: www.passavia.de

is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.


Name and address of the data protection officer

The data protection officer of the controller is:
AGOR AG
Niddastraße 74
60329 Frankfurt am Main
Germany
Phone: +49 (0) 69 - 9494 32 410
E-mail: info@agor-ag.com
Website: www.agor-ag.com


General information on data processing


Scope of the processing of personal data
We only collect and use the personal data of our websites users as far as this is necessary to provide a functional website or our content and services.

In principle, the collection and use of our users' personal data only takes place with their consent. An exception to this principle applies in cases where the processing of data is permitted by law or where it is not possible to obtain prior consent for factual reasons.

Legal basis for the processing of personal data
The legal bases for the processing of personal data generally arise from:
Art. 6 para. 1 sentence 1 lit. a GDPR when obtaining the consent of the data subject.

Art. 6 para. 1 sentence 1 lit. b GDPR for processing operations necessary for the performance of a contract to which the data subject is party. This also includes processing operations that are necessary for the performance of pre-contractual measures.

Art. 6 para. 1 sentence 1 lit. c GDPR for processing operations that are necessary for compliance with a legal obligation.

Art. 6 para. 1 sentence 1 lit. d GDPR, if vital interests of the data subject or another natural person require the processing of personal data.

Art. 6 para. 1 sentence 1 lit. f GDPR, if the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.
In order to be able to base the processing of personal data on a legitimate interest, an assessment is carried out for each relevant process in consultation with the data protection officer, whereby the following three conditions must be met:
1) The controller responsible for processing the personal data or a third party has a legitimate interest in the data processing.
2) Processing is necessary for the purposes of the legitimate interest.
3) The interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail.

Data erasure and storage duration
The user's personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored for longer if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.


Use of our website, general information


Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the user's computer system. The following information may be collected:

Information about the browser type and version used, the user's operating system, the user's internet service provider, the user's IP address, the date and time of access, websites from which the user's system accesses our website, websites that are accessed by the user's system via our website.

The data described is stored in the log files of our system. This data is not stored together with other personal data of the user.

Purpose and legal basis for processing
Temporary storage of the IP address by our system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

The collection of your personal data for the provision of our website and the storage of the data in log files is absolutely necessary for the operation of the website. The user therefore has no option to object.

Duration of storage
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your data is collected to ensure the provision of the website, the data will be deleted when the respective session has ended.

If your data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible, in which case the IP addresses of the users are deleted or anonymized. It is then no longer possible to identify the accessing client.

General information on the use of cookies
We use cookies on our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When you access a website, a cookie may be stored on your operating system. This contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser can be identified even after a page change.

TTDSG:
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Act to Regulate Data Protection and Privacy in Telecommunications and Telemedia (abbreviated in German to TTDSG).

Please regard that the legal basis for the processing of the personal data collected in this context then results from the GDPR (Art. 6 para. 1 sentence 1 GDPR). The relevant legal basis for the processing of personal data in each specific case can be found below on the respective cookie or on the respective processing itself.

The primary legal basis for the storage of information in the end user's terminal equipment - i.e. in particular for the storage of cookies - is your consent, Section 25 (1) sentence 1 TTDSG. Consent is given when you visit our website - although it does not have to be given - and can be revoked at any time in the cookie settings.

According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user. In the cookie settings, you can see which cookies are to be classified as absolutely necessary (often also referred to as "technically necessary cookies") and therefore fall under the exemption rule of Section 25 (2) TTDSG and therefore do not require consent.


GDPR:
The legal basis for the processing of personal data using cookies results from Art. 6 para. 1 sentence 1 lit. f GDPR. The purpose of using technically necessary cookies is to simplify the use of our website.

We would like to point out that individual functions of our website can only be offered with the use of cookies.

We do not use user data collected by technically necessary cookies to create user profiles.

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have control over the use of cookies. You can restrict or deactivate the transmission of cookies by making changes in the settings of your Internet browser. Stored cookies can also be deleted there. Please note that you may no longer be able to use all the functions of our website if you deactivate cookies.

The legal basis for the processing of personal data using cookies for analysis and advertising purposes is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent to this.


Your rights / Rights of the data subject

Right of access

You have the right to receive information from us as the controller as to whether and which personal data concerning you are processed by us and further information in accordance with the legal requirements under Art. 13, 14 GDPR.
You can assert your right to information at: datenschutz@passavia.de

Right to rectification
If the personal data processed by us and relating to you is incorrect or incomplete, you have a right to rectification and/or completion. The correction will be made immediately.

Right to restriction
You have the right to restrict the processing of personal data concerning you in accordance with the statutory provisions (Art. 18 GDPR).

Right to erasure
If the reasons set out in Art. 17 GDPR apply, you can request that the personal data concerning you is deleted immediately.

We would like to point out that the right to erasure does not exist as far as the processing is necessary for one of the exceptional circumstances mentioned in Art. 17 para. 3.

Right to information
If you have asserted the right to rectification, erasure or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

Right to data portability
Under the GDPR, you also have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

Right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to object
You also have the right to object, for reasons arising from your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or f GDPR.

Automated decision in individual cases including profiling
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to lodge a complaint with a supervisory authority
Finally, if you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.


Data transfer outside the EU
The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union as part of the use of third-party services. We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that your data may then only be processed on the basis of special guarantees, such as the EU Commission's officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations, the so-called "standard data protection clauses".


EU-US Trans-Atlantic Data Privacy Framework
As part of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of 10.07.2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/s/participant-search


Data processing under the Swiss FADP
In principle, the use of our website is subject to the statutory provisions of the GDPR. If you also visit our website from Switzerland and as far as the associated data processing also affects you as a Swiss citizen, these data protection provisions also apply to you under the Swiss Federal Act on Data Protection ("Swiss FADP" in the version of September 1, 2023), analogous to the GDPR.

In principle, the Swiss FADP does not stipulate a legal basis. In this respect, we only process your data from Switzerland if the processing is lawful, carried out in good faith and is proportionate in accordance with Art. 6 para. 1 and 2 of the Swiss FADP. Furthermore, your data will only be collected by us for a specific purpose that is recognizable to the data subject and only processed in such a way that it is compatible with these purposes in accordance with Art. 6 para. 3 of the Swiss FADP.

In this context, please also note that although certain terms are formulated differently under the GDPR, they have the same legal meaning as under the Swiss FADP. For example, the GDPR terms "processing" of "personal data", "legitimate interest" and "special categories of data" used in this data protection notice correspond to the terms "processing" of "personal data", "overriding interest" and "sensitive personal data" used in the Swiss FADP.

The data subject rights set out here pursuant to Art. 12 et seq. GDPR can also be asserted by data subjects from Switzerland in accordance with the provisions of Art. 25 et seq. of the Swiss FADP.


Newsletter

General information
You can subscribe to a free newsletter on our homepage, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. The data you enter in the input mask during registration will be transmitted to us.

We collect the following data on the basis of the consent obtained from you during the registration process:
E-mail address

The following data is also stored at the time of transmission:
Date and time of registration and double opt-in logging.
Your data will not be passed on in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

Double opt-in and logging
The registration for our newsletter takes place in a so-called double opt-in procedure. After registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses.

Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

Legal basis
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent. The purpose of collecting the user's email address is to send the newsletter.

Deletion, revocation and objection
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active. You can unsubscribe from the newsletter at any time by revoking your consent. There is a corresponding link for this purpose in every newsletter.

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

CleverReach
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.
Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The data processing takes place on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the CleverReach servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

You can find more details in CleverReach's privacy policy at: https://www.cleverreach.com/de/datenschutz/.

We have concluded a contract with CleverReach for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using CleverReach.

Statistical survey
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the evaluations, we link the data mentioned under point 1 and the web beacons with your e-mail address and an individual ID.

The data is collected exclusively in pseudonymized form, i.e. the IDs are not linked to your other personal data, and direct personal identification is excluded.

If you do not wish to be analyzed by our newsletter, you have to unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website. The information will be stored for as long as you have subscribed to the newsletter.


Contacting us electronically
If you would like to contact us, a contact form is available on our homepage which you can use to contact us electronically. The data entered in the input mask will be transmitted to us and stored. These data are
Company (optional), first name, surname, telephone number (optional), e-mail address, message
The following data is also stored when the message is sent:
The user's IP address, date and time of contact

It is also possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.
Your data will not be passed on to third parties in this context; the data will be used exclusively for processing the communication.

The legal basis for the processing of the contact request and its handling is regularly Art. 6 para. 1 sentence 1 lit. b GDPR.

If further personal data is processed during the sending process, this is only used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.


Application form
On this website we show you job vacancies for which interested parties can apply by e-mail. Unsolicited applications can also be sent to us by e-mail. In the case of an incoming application, we process the data received from the applicant exclusively for the purpose of processing for the potential filling of the vacant position.

The primary legal basis for this is Art. 88 GDPR in conjunction with Section 26 (1) BDSG Federal Data Protection Act).

Within our company, access to your personal data is only granted to those persons who are responsible for handling the application process and who are the decision-makers regarding the outcome of the application.

We delete your personal data as soon as it is no longer required for the above-mentioned purposes. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Your personal data will not be passed on to third parties.


Social Media

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection declaration: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads
and http://www.youronlinechoices.com

Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Data protection declaration/Opt-Out: http://instagram.com/about/legal/privacy/

LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Data protection declaration: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Data protection declaration/ Opt-Out:
https://privacy.xing.com/de/datenschutzerklaerung

Social media presence
We maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services.

We would like to point out that your personal data may be processed outside the European Union, which may result in risks for you (e.g. when enforcing your rights under European / German law).

As a rule, user data is processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and the resulting interests of the users. These user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

The processing of users' personal data is based on our legitimate interests in effective user information and communication with users in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR. GDPR. If users are asked by the respective providers to consent to data processing (i.e. to give their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a. GDPR.

Further information on the processing of your personal data and your options to object can be found under the links of the respective provider listed below. The assertion of information and other rights of the data subjects can also be made against the providers, then only they have direct access to the data of the users and have the corresponding information. We are of course available to answer any questions you may have and will support you if you need help.

Google Maps
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section IV of this declaration is transmitted to Google. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The legal basis for the use of Google Maps is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f, which consists of providing our users with the most extensive and appealing user experience possible.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy